Executive Summary
| Summary | |
|---|---|
| Title | Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) |
| Informations | |||
|---|---|---|---|
| Name | MS08-044 | First vendor Publication | 2008-08-12 |
| Vendor | Microsoft | Last vendor Modification | 2008-08-13 |
| Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V1.1 (August 13, 2008): Clarified that the update for Microsoft Office Project 2002 Service Pack 1 is the same as the update for Microsoft Office XP Service Pack 3. Customers who have already successfully installed this update do not have to reinstall.Summary: This security update resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS08-044.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 80 % | CWE-399 | Resource Management Errors |
| 20 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5868 | |||
| Oval ID: | oval:org.mitre.oval:def:5868 | ||
| Title: | Microsoft Malformed BMP Filter Vulnerability | ||
| Description: | Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3020 | Version: | 10 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Office 2000 Microsoft Office XP Microsoft Office Project 2002 Microsoft Office Converter Pack Microsoft Works |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5879 | |||
| Oval ID: | oval:org.mitre.oval:def:5879 | ||
| Title: | Microsoft Malformed PICT Filter Vulnerability | ||
| Description: | Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3018 | Version: | 10 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Office 2000 Microsoft Office XP Microsoft Office 2003 Microsoft Office Project 2002 Microsoft Office Converter Pack Microsoft Works |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5997 | |||
| Oval ID: | oval:org.mitre.oval:def:5997 | ||
| Title: | Microsoft PICT Filter Parsing Vulnerability | ||
| Description: | Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3021 | Version: | 12 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Office 2000 Microsoft Office XP Microsoft Office 2003 Microsoft Office Project 2002 Microsoft Office Converter Pack Microsoft Works 8 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6019 | |||
| Oval ID: | oval:org.mitre.oval:def:6019 | ||
| Title: | Microsoft Office WPG Image File Heap Corruption Vulnerability | ||
| Description: | WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3460 | Version: | 10 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Office 2000 Microsoft Office XP Microsoft Office 2003 Microsoft Office Project 2002 Microsoft Office Converter Pack Microsoft Works |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6122 | |||
| Oval ID: | oval:org.mitre.oval:def:6122 | ||
| Title: | Microsoft Malformed EPS Filter Vulnerability | ||
| Description: | Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3019 | Version: | 10 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Office 2000 Microsoft Office XP Microsoft Office 2003 Microsoft Office Project 2002 Microsoft Office Converter Pack Microsoft Works |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 | |
| Application | 1 | |
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-08-19 | Name : Microsoft Office Filters Could Allow Remote Code Execution Vulnerabilities (9... File : nvt/secpod_ms08-044_900029.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 47402 | Microsoft Office Filters PICT File Handling Arbitrary Code Execution |
| 47401 | Microsoft Office Filters Encapsulated PostScript (EPS) File Handling Arbitrar... |
| 47400 | Microsoft Office BMPIMP32.FLT Filter BMP File Header Handling Arbitrary Code ... A remote overflow exists in the BMPIMP32.FLT Filter Module that comes with Microsoft Office XP. The Filter Module fails to handle malformed BMP image headers resulting in a heap overflow. With a specially crafted file, a context-dependent attacker can cause execute arbitrary code resulting in a loss of integrity. |
| 47398 | Microsoft Office Filters PICT File bits_per_pixel Field Heap Corruption |
| 47397 | Microsoft Office WPGIMP32.FLT Filter WordPerfect Graphics (WPG) File Handling... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2008-08-14 | IAVM : 2008-A-0058 - Multiple Microsoft Office Filters Remote Code Execution Vulnerabilities Severity : Category II - VMSKEY : V0016741 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-10-31 | Apple PICT Quickdraw image converter packType 4 buffer overflow attempt RuleID : 44456 - Revision : 2 - Type : FILE-IMAGE |
| 2017-10-31 | Apple PICT Quickdraw image converter packType 4 buffer overflow attempt RuleID : 44455 - Revision : 2 - Type : FILE-IMAGE |
| 2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28322 - Revision : 2 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28321 - Revision : 2 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28320 - Revision : 2 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28319 - Revision : 2 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28318 - Revision : 2 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28317 - Revision : 2 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28316 - Revision : 2 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28315 - Revision : 6 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28314 - Revision : 2 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28313 - Revision : 2 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28312 - Revision : 2 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28311 - Revision : 2 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Office eps filters memory corruption attempt RuleID : 27090 - Revision : 4 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office eps filters memory corruption attempt RuleID : 27089 - Revision : 5 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office eps filters memory corruption attempt RuleID : 26597 - Revision : 5 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office eps filters memory corruption attempt RuleID : 13970 - Revision : 18 - Type : FILE-OFFICE |
| 2014-01-10 | WordPerfect Graphics file invalid RLE buffer overflow attempt RuleID : 13958 - Revision : 10 - Type : FILE-OFFICE |
| 2014-01-10 | Apple PICT/Quickdraw image converter packType 3 buffer overflow exploit attempt RuleID : 13947 - Revision : 11 - Type : FILE-IMAGE |
| 2014-01-10 | Apple PICT/Quickdraw image converter packType 4 buffer overflow exploit attempt RuleID : 13946 - Revision : 11 - Type : FILE-IMAGE |
| 2014-01-10 | Windows BMP image conversion arbitrary code execution attempt RuleID : 13879 - Revision : 13 - Type : OS-WINDOWS |
| 2014-01-10 | BMP image handler buffer overflow attempt RuleID : 13865 - Revision : 18 - Type : FILE-IMAGE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-08-13 | Name : Arbitrary code can be executed on the remote host through the Microsoft Offic... File : smb_nt_ms08-044.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:46:01 |
|
| 2014-01-19 21:30:13 |
|
| 2013-11-11 12:41:08 |
|
| 2013-05-11 00:49:21 |
|
